CONTENTS:

1) Securing Legacy C Applications Using Dynamic Data Flow Analysis by Steve Cook, Dr. Calvin Lin, and Walter Chang: Describes an extensible, compiler-based system to ensure that C programs enforce a wide variety of user-defined security policies with a minimum of runtime overhead and disruption to development processes.

2) Building Secure Systems Using Model-Based Engineering and Architectural Models by Dr. Joergen Hansson, Dr. Peter H. Feiler, and John Morley: Shows how model-based engineering and architectural modeling are a platform for multi-dimensional, multi-fidelity analysis, enabling a system designer to exercise various architectural design options for confidentiality and data integrity prior to system realization.

3) Practical Defense In Depth by Michael Howard: Shows how defense-in-depth mechanisms have been effective in slowing and stopping attacks.

4) Supporting Safe Content-Inspection of Web Traffic by Dr. Partha Pal and Michael Atighetchi: More and more interactions are becoming Web-based. The concept of a personal proxy has the potential to fill an important and emerging gap in the current Web-based systems architecture, and this article explores an early prototype.

5) Enhancing the Development Life Cycle to Produce Secure Software by Karen Mercedes Goertzel: Explores recent reports on security in the software development life cycle, and shows how enhancing practices with the objective of improving software quality, reliability, and fault tolerance results in software that is higher in quality, more reliable, and more tolerant of faults.

6) Hazardous Software Development by Corey P. Cunha: Explores past safety-critical systems failures in hazardous situations (the Union Carbide accident in Bhopal, the Patriot Missile Defense System failure, the Iran Air Flight 655 shoot-down, and Therac-25 system malfunctions) and how methods such as closed-loop corrective actions can help prevent future problems.